cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6327,https://securityvulnerability.io/vulnerability/CVE-2024-6327,Remote Code Execution Vulnerability in Telerik Report Server,"In Progress Telerik Report Server, a vulnerability exists due to insecure deserialization processes, allowing attackers to potentially execute arbitrary code remotely. This issue affects versions released prior to 2024 Q2 (10.1.24.709), which may enable malicious users to manipulate serialized data, leading to unauthorized actions and system compromise. Organizations utilizing this software are advised to update to the latest version to mitigate the risks associated with this vulnerability.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.0007099999929778278,false,true,false,true,,true,false,2024-07-24T13:57:07.165Z,6110
CVE-2024-4358,https://securityvulnerability.io/vulnerability/CVE-2024-4358,Unauthenticated Attacker Can Gain Access to Restricted Functionality via Authentication Bypass Vulnerability in Telerik Report Server,"An authentication bypass vulnerability exists in Progress Telerik Report Server, specifically in versions prior to 2024 Q1 (10.0.24.305) deployed on IIS. This issue permits unauthenticated attackers to access restricted features of the Telerik Report Server, compromising the security and privacy of sensitive data. Attackers exploiting this vulnerability can perform unauthorized actions that should otherwise be restricted to authenticated users, significantly undermining the integrity of the server's operations.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.9172800183296204,true,true,true,true,true,true,true,2024-05-29T14:51:21.612Z,13759
CVE-2024-4837,https://securityvulnerability.io/vulnerability/CVE-2024-4837,Unauthenticated Attacker Can Gain Access to Restricted Functionality via Trust Boundary Violation Vulnerability in Telerik Report Server,"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.",Progress Software,Telerik Report Server,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-15T17:04:05.705Z,0
CVE-2024-4357,https://securityvulnerability.io/vulnerability/CVE-2024-4357,Low-Privilege Attacker Can Read Systems Files via XML External Entity Processing Vulnerability,"An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.",Progress Software,Telerik Report Server,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-05-15T16:58:31.306Z,0
CVE-2024-1800,https://securityvulnerability.io/vulnerability/CVE-2024-1800,Remote Code Execution Vulnerability in Telerik Report Server,"The CVE-2024-1800 vulnerability is a critical remote code execution flaw found in the Progress Telerik Report Server, a widely used business reporting solution. This flaw allows attackers to execute malicious code remotely on affected systems, potentially leading to severe consequences such as data theft, malware installation, or disruption of critical business operations. All versions of the Progress Telerik Report Server before 2024 Q1 (10.0.24.130) are vulnerable to this exploit. Progress Telerik has released a fix in Report Server version 2024 Q1 (10.0.24.305) and organizations using Telerik Report Server are urged to update as soon as possible to address this security flaw.",Progress Software,Telerik Report Server,9.9,CRITICAL,0.0004600000102072954,false,true,false,false,,false,false,2024-03-20T13:11:41.461Z,0